CVE-2023-54062 (CNNVD-202512-4512)
中文标题:
Linux kernel 安全漏洞
英文标题:
ext4: fix invalid free tracking in ext4_xattr_move_to_block()
漏洞描述
中文描述:
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于无效的释放跟踪,可能导致内存泄漏或无效释放。
英文描述:
In the Linux kernel, the following vulnerability has been resolved: ext4: fix invalid free tracking in ext4_xattr_move_to_block() In ext4_xattr_move_to_block(), the value of the extended attribute which we need to move to an external block may be allocated by kvmalloc() if the value is stored in an external inode. So at the end of the function the code tried to check if this was the case by testing entry->e_value_inum. However, at this point, the pointer to the xattr entry is no longer valid, because it was removed from the original location where it had been stored. So we could end up calling kvfree() on a pointer which was not allocated by kvmalloc(); or we could also potentially leak memory by not freeing the buffer when it should be freed. Fix this by storing whether it should be freed in a separate variable.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Linux | Linux | - | < 76887be2a96193cd11be818551b8934ecdb3123f | - |
cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*
|
| Linux | Linux | 6.3 | - | - |
cpe:2.3:a:linux:linux:6.3:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2023-54062 |
2026-01-07 02:47:12 | 2026-01-12 02:09:17 |
| NVD | nvd_CVE-2023-54062 |
2025-12-30 04:12:18 | 2026-01-12 02:27:00 |
| CNNVD | cnnvd_CNNVD-202512-4512 |
2026-01-11 06:15:04 | 2026-01-12 02:38:06 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 其他
- severity: SeverityLevel.MEDIUM -> SeverityLevel.UNKNOWN
- cvss_score: 未提取 -> 0.0
- cnnvd_id: 未提取 -> CNNVD-202512-4512
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 10 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']